[Feature #10] Build ECS-based deploy infrastructure
Terraform Plan Output for
|
💰 Infracost report
Monthly estimate increased by $21 📈
*Usage costs can be estimated by updating Infracost Cloud settings, see docs for other options.
Merged
CI/CD Test
CI/CD Test
CI/CD Test
CI/CD Test
Fix dependency-based CD
[Terraform Plan Summary]
Plan Output
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_codedeploy_deployment_group.ecs_deployment_group will be updated in-place
~ resource "aws_codedeploy_deployment_group" "ecs_deployment_group" {
id = "27d7f507-0d04-44d2-845f-3b94a4ee6055"
tags = {}
# (11 unchanged attributes hidden)
~ load_balancer_info {
~ target_group_pair_info {
~ prod_traffic_route {
~ listener_arns = [
- "arn:aws:elasticloadbalancing:ap-northeast-2:243359234795:listener/app/cloudfence-alb/94534059ffea61b3/fa0ed7b1b9d8d37a",
+ "arn:aws:elasticloadbalancing:ap-northeast-2:243359234795:listener/app/cloudfence-alb/f47e0f7ae8cca8d4/63a27fd938e3acda",
]
}
# (2 unchanged blocks hidden)
}
}
# (4 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
[Terraform Plan Summary]
Plan Output
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_acm_certificate.cert will be updated in-place
~ resource "aws_acm_certificate" "cert" {
id = "arn:aws:acm:ap-northeast-2:243359234795:certificate/c1771cc4-e706-48af-8478-d5ad0703a5ee"
tags = {}
# (15 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
[Terraform Plan Summary]
Plan Output
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_autoscaling_group.ecs_auto_scaling_group will be updated in-place
~ resource "aws_autoscaling_group" "ecs_auto_scaling_group" {
~ desired_capacity = 4 -> 2
id = "terraform-20250708183155941500000003"
name = "terraform-20250708183155941500000003"
# (26 unchanged attributes hidden)
- tag {
- key = "AmazonECSManaged" -> null
- propagate_at_launch = true -> null
}
# (4 unchanged blocks hidden)
}
# aws_ecs_service.ecs_service will be updated in-place
~ resource "aws_ecs_service" "ecs_service" {
id = "arn:aws:ecs:ap-northeast-2:243359234795:service/cloudfence-ecs-cluster/cloudfence-ecs-service"
name = "cloudfence-ecs-service"
tags = {
"Name" = "cloudfence-ecs-service"
}
# (15 unchanged attributes hidden)
- load_balancer {
- container_name = "cloudfence-container" -> null
- container_port = 80 -> null
- target_group_arn = "arn:aws:elasticloadbalancing:ap-northeast-2:243359234795:targetgroup/cloudfence-blue-tg/02aab250702b4e73" -> null
}
+ load_balancer {
+ container_name = "cloudfence-container"
+ container_port = 80
+ target_group_arn = "arn:aws:elasticloadbalancing:ap-northeast-2:243359234795:targetgroup/cloudfence-blue-tg/e32c1812a58c2ecc"
}
# (2 unchanged blocks hidden)
}
# aws_launch_template.ecs_launch_template will be updated in-place
~ resource "aws_launch_template" "ecs_launch_template" {
id = "lt-0af626adfdc0b5ecd"
~ image_id = "ami-0bc365768d185847c" -> "ami-0554fb8380fb25f79"
~ latest_version = 1 -> (known after apply)
name = "cloudfence-ecs-launch-template-20250708183148664400000001"
tags = {
"Name" = "cloudfence-ecs-launch-template"
}
# (10 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
Plan: 0 to add, 3 to change, 0 to destroy.
[Terraform Plan Summary]
Plan Output
Note: Objects have changed outside of Terraform
Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:
# aws_lb.alb has been deleted
- resource "aws_lb" "alb" {
- arn = "arn:aws:elasticloadbalancing:ap-northeast-2:243359234795:loadbalancer/app/cloudfence-alb/f47e0f7ae8cca8d4" -> null
- dns_name = "cloudfence-alb-837737541.ap-northeast-2.elb.amazonaws.com" -> null
id = "arn:aws:elasticloadbalancing:ap-northeast-2:243359234795:loadbalancer/app/cloudfence-alb/f47e0f7ae8cca8d4"
name = "cloudfence-alb"
tags = {
"Name" = "cloudfence-alb"
}
# (22 unchanged attributes hidden)
# (4 unchanged blocks hidden)
}
# aws_lb_listener.https has been deleted
- resource "aws_lb_listener" "https" {
- arn = "arn:aws:elasticloadbalancing:ap-northeast-2:243359234795:listener/app/cloudfence-alb/f47e0f7ae8cca8d4/63a27fd938e3acda" -> null
id = "arn:aws:elasticloadbalancing:ap-northeast-2:243359234795:listener/app/cloudfence-alb/f47e0f7ae8cca8d4/63a27fd938e3acda"
# (7 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
# aws_lb_target_group.blue has been deleted
- resource "aws_lb_target_group" "blue" {
- arn = "arn:aws:elasticloadbalancing:ap-northeast-2:243359234795:targetgroup/cloudfence-blue-tg/e32c1812a58c2ecc" -> null
id = "arn:aws:elasticloadbalancing:ap-northeast-2:243359234795:targetgroup/cloudfence-blue-tg/e32c1812a58c2ecc"
name = "cloudfence-blue-tg"
tags = {
"Name" = "cloudfence-blue-tg"
}
# (16 unchanged attributes hidden)
# (5 unchanged blocks hidden)
}
# aws_wafv2_web_acl.alb_waf has been deleted
- resource "aws_wafv2_web_acl" "alb_waf" {
- arn = "arn:aws:wafv2:ap-northeast-2:243359234795:regional/webacl/cloudfence-alb-waf/ef46bd94-2986-4baa-b706-adc6e3584106" -> null
id = "ef46bd94-2986-4baa-b706-adc6e3584106"
name = "cloudfence-alb-waf"
tags = {
"Name" = "cloudfence-alb-waf"
}
# (6 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.
─────────────────────────────────────────────────────────────────────────────
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_lb.alb will be created
+ resource "aws_lb" "alb" {
+ arn = (known after apply)
+ arn_suffix = (known after apply)
+ client_keep_alive = 3600
+ desync_mitigation_mode = "defensive"
+ dns_name = (known after apply)
+ drop_invalid_header_fields = true
+ enable_deletion_protection = true
+ enable_http2 = true
+ enable_tls_version_and_cipher_suite_headers = false
+ enable_waf_fail_open = false
+ enable_xff_client_port = false
+ enable_zonal_shift = false
+ enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
+ id = (known after apply)
+ idle_timeout = 60
+ internal = false
+ ip_address_type = (known after apply)
+ load_balancer_type = "application"
+ name = "cloudfence-alb"
+ name_prefix = (known after apply)
+ preserve_host_header = false
+ security_groups = [
+ "sg-0901c74dad6dc2648",
]
+ subnets = [
+ "subnet-0c5f26bf8ae501ff0",
+ "subnet-0df2871a859b233cd",
]
+ tags = {
+ "Name" = "cloudfence-alb"
}
+ tags_all = {
+ "Name" = "cloudfence-alb"
}
+ vpc_id = (known after apply)
+ xff_header_processing_mode = "append"
+ zone_id = (known after apply)
}
# aws_lb_listener.https will be created
+ resource "aws_lb_listener" "https" {
+ arn = (known after apply)
+ certificate_arn = "arn:aws:acm:ap-northeast-2:243359234795:certificate/c1771cc4-e706-48af-8478-d5ad0703a5ee"
+ id = (known after apply)
+ load_balancer_arn = (known after apply)
+ port = 443
+ protocol = "HTTPS"
+ routing_http_request_x_amzn_mtls_clientcert_header_name = (known after apply)
+ routing_http_request_x_amzn_mtls_clientcert_issuer_header_name = (known after apply)
+ routing_http_request_x_amzn_mtls_clientcert_leaf_header_name = (known after apply)
+ routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name = (known after apply)
+ routing_http_request_x_amzn_mtls_clientcert_subject_header_name = (known after apply)
+ routing_http_request_x_amzn_mtls_clientcert_validity_header_name = (known after apply)
+ routing_http_request_x_amzn_tls_cipher_suite_header_name = (known after apply)
+ routing_http_request_x_amzn_tls_version_header_name = (known after apply)
+ routing_http_response_access_control_allow_credentials_header_value = (known after apply)
+ routing_http_response_access_control_allow_headers_header_value = (known after apply)
+ routing_http_response_access_control_allow_methods_header_value = (known after apply)
+ routing_http_response_access_control_allow_origin_header_value = (known after apply)
+ routing_http_response_access_control_expose_headers_header_value = (known after apply)
+ routing_http_response_access_control_max_age_header_value = (known after apply)
+ routing_http_response_content_security_policy_header_value = (known after apply)
+ routing_http_response_server_enabled = (known after apply)
+ routing_http_response_strict_transport_security_header_value = (known after apply)
+ routing_http_response_x_content_type_options_header_value = (known after apply)
+ routing_http_response_x_frame_options_header_value = (known after apply)
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
+ tags_all = (known after apply)
+ tcp_idle_timeout_seconds = (known after apply)
+ default_action {
+ order = (known after apply)
+ target_group_arn = (known after apply)
+ type = "forward"
}
}
# aws_lb_listener.https_redirect will be created
+ resource "aws_lb_listener" "https_redirect" {
+ arn = (known after apply)
+ id = (known after apply)
+ load_balancer_arn = (known after apply)
+ port = 80
+ protocol = "HTTP"
+ routing_http_request_x_amzn_mtls_clientcert_header_name = (known after apply)
+ routing_http_request_x_amzn_mtls_clientcert_issuer_header_name = (known after apply)
+ routing_http_request_x_amzn_mtls_clientcert_leaf_header_name = (known after apply)
+ routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name = (known after apply)
+ routing_http_request_x_amzn_mtls_clientcert_subject_header_name = (known after apply)
+ routing_http_request_x_amzn_mtls_clientcert_validity_header_name = (known after apply)
+ routing_http_request_x_amzn_tls_cipher_suite_header_name = (known after apply)
+ routing_http_request_x_amzn_tls_version_header_name = (known after apply)
+ routing_http_response_access_control_allow_credentials_header_value = (known after apply)
+ routing_http_response_access_control_allow_headers_header_value = (known after apply)
+ routing_http_response_access_control_allow_methods_header_value = (known after apply)
+ routing_http_response_access_control_allow_origin_header_value = (known after apply)
+ routing_http_response_access_control_expose_headers_header_value = (known after apply)
+ routing_http_response_access_control_max_age_header_value = (known after apply)
+ routing_http_response_content_security_policy_header_value = (known after apply)
+ routing_http_response_server_enabled = (known after apply)
+ routing_http_response_strict_transport_security_header_value = (known after apply)
+ routing_http_response_x_content_type_options_header_value = (known after apply)
+ routing_http_response_x_frame_options_header_value = (known after apply)
+ ssl_policy = (known after apply)
+ tags_all = (known after apply)
+ tcp_idle_timeout_seconds = (known after apply)
+ default_action {
+ order = (known after apply)
+ type = "redirect"
+ redirect {
+ host = "#{host}"
+ path = "/#{path}"
+ port = "443"
+ protocol = "HTTPS"
+ query = "#{query}"
+ status_code = "HTTP_301"
}
}
}
# aws_lb_target_group.blue will be created
+ resource "aws_lb_target_group" "blue" {
+ arn = (known after apply)
+ arn_suffix = (known after apply)
+ connection_termination = (known after apply)
+ deregistration_delay = "300"
+ id = (known after apply)
+ ip_address_type = (known after apply)
+ lambda_multi_value_headers_enabled = false
+ load_balancer_arns = (known after apply)
+ load_balancing_algorithm_type = (known after apply)
+ load_balancing_anomaly_mitigation = (known after apply)
+ load_balancing_cross_zone_enabled = (known after apply)
+ name = "cloudfence-blue-tg"
+ name_prefix = (known after apply)
+ port = 80
+ preserve_client_ip = (known after apply)
+ protocol = "HTTP"
+ protocol_version = (known after apply)
+ proxy_protocol_v2 = false
+ slow_start = 0
+ tags = {
+ "Name" = "cloudfence-blue-tg"
}
+ tags_all = {
+ "Name" = "cloudfence-blue-tg"
}
+ target_type = "instance"
+ vpc_id = "vpc-0bdd444c9fd4a19ef"
+ health_check {
+ enabled = true
+ healthy_threshold = 2
+ interval = 30
+ matcher = (known after apply)
+ path = "/"
+ port = "traffic-port"
+ protocol = "HTTP"
+ timeout = 5
+ unhealthy_threshold = 2
}
}
# aws_lb_target_group.green will be created
+ resource "aws_lb_target_group" "green" {
+ arn = (known after apply)
+ arn_suffix = (known after apply)
+ connection_termination = (known after apply)
+ deregistration_delay = "300"
+ id = (known after apply)
+ ip_address_type = (known after apply)
+ lambda_multi_value_headers_enabled = false
+ load_balancer_arns = (known after apply)
+ load_balancing_algorithm_type = (known after apply)
+ load_balancing_anomaly_mitigation = (known after apply)
+ load_balancing_cross_zone_enabled = (known after apply)
+ name = "cloudfence-green-tg"
+ name_prefix = (known after apply)
+ port = 80
+ preserve_client_ip = (known after apply)
+ protocol = "HTTP"
+ protocol_version = (known after apply)
+ proxy_protocol_v2 = false
+ slow_start = 0
+ tags = {
+ "Name" = "cloudfence-green-tg"
}
+ tags_all = {
+ "Name" = "cloudfence-green-tg"
}
+ target_type = "instance"
+ vpc_id = "vpc-0bdd444c9fd4a19ef"
+ health_check {
+ enabled = true
+ healthy_threshold = 2
+ interval = 30
+ matcher = (known after apply)
+ path = "/"
+ port = "traffic-port"
+ protocol = "HTTP"
+ timeout = 5
+ unhealthy_threshold = 2
}
}
# aws_wafv2_web_acl.alb_waf will be created
+ resource "aws_wafv2_web_acl" "alb_waf" {
+ application_integration_url = (known after apply)
+ arn = (known after apply)
+ capacity = (known after apply)
+ description = "WAF for ALB"
+ id = (known after apply)
+ lock_token = (known after apply)
+ name = "cloudfence-alb-waf"
+ name_prefix = (known after apply)
+ scope = "REGIONAL"
+ tags = {
+ "Name" = "cloudfence-alb-waf"
}
+ tags_all = {
+ "Name" = "cloudfence-alb-waf"
}
+ default_action {
+ allow {
}
}
+ rule {
+ name = "AWS-AWSManagedRulesCommonRuleSet"
+ priority = 1
+ override_action {
+ none {}
}
+ statement {
+ managed_rule_group_statement {
+ name = "AWSManagedRulesCommonRuleSet"
+ vendor_name = "AWS"
}
}
+ visibility_config {
+ cloudwatch_metrics_enabled = true
+ metric_name = "AWSManagedRulesCommonRuleSet"
+ sampled_requests_enabled = true
}
}
+ visibility_config {
+ cloudwatch_metrics_enabled = true
+ metric_name = "waf-alb-metric"
+ sampled_requests_enabled = true
}
}
# aws_wafv2_web_acl_association.alb_association will be created
+ resource "aws_wafv2_web_acl_association" "alb_association" {
+ id = (known after apply)
+ resource_arn = (known after apply)
+ web_acl_arn = (known after apply)
}
Plan: 7 to add, 0 to change, 0 to destroy.
Changes to Outputs:
~ blue_target_group_arn = "arn:aws:elasticloadbalancing:ap-northeast-2:243359234795:targetgroup/cloudfence-blue-tg/e32c1812a58c2ecc" -> (known after apply)
~ dns_name = "cloudfence-alb-837737541.ap-northeast-2.elb.amazonaws.com" -> (known after apply)
~ listener_arn = "arn:aws:elasticloadbalancing:ap-northeast-2:243359234795:listener/app/cloudfence-alb/f47e0f7ae8cca8d4/63a27fd938e3acda" -> (known after apply)
#️⃣ Related Issues
#10
📝 Work Summary
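Architecture
ECR is managed in operation-team-account, where Docker images are built and stored in ECR, and
the resources used by the application, such as the VPC, ALB and ECS, are operated in prod-team-account, so that
each resource interacts as an independent service and deployment happens automatically.
Account separation
The accounts in which each resource is used are separated, and the Terraform code is split by resource under the corresponding account folder
Data sharing and dependency management
State is referenced through terraform_remote_state, which serves as the variables each one needs
CI/CD pipeline
To solve the problems that state-lock can cause when a matrix that takes the subfolder structure into account runs in parallel, priorities are built from dependencies so that the next job can run once its dependencies are resolved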
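One way to derive the dependency-based job order described above, as an added example that is not code from this pull request: it reads each folder's `terraform_remote_state` data sources and groups the folders into waves, where every folder in a wave depends only on earlier waves. The folder names and Terraform snippets are constructed, and the rule that a data source's label equals the upstream folder's name is an assumption.

```python
import re
from graphlib import TopologicalSorter

# Constructed sample (not from the PR): stack folder -> Terraform source text.
SAMPLE_STACKS = {
    "operation-team-account/ecr": 'resource "aws_ecr_repository" "app" {}',
    "prod-team-account/vpc": 'resource "aws_vpc" "main" {}',
    "prod-team-account/alb": 'data "terraform_remote_state" "vpc" {}',
    "prod-team-account/ecs": '''
        data "terraform_remote_state" "vpc" {}
        data "terraform_remote_state" "alb" {}
        data "terraform_remote_state" "ecr" {}
    ''',
    "prod-team-account/codedeploy": '''
        data "terraform_remote_state" "alb" {}
        data "terraform_remote_state" "ecs" {}
    ''',
}

# Matches: data "terraform_remote_state" "<label>"
REMOTE_STATE = re.compile(r'data\s+"terraform_remote_state"\s+"([^"]+)"')


def dependencies(stacks):
    """Map each stack folder to the folders whose state it reads.

    Assumption: the data source label is the upstream folder's last path part.
    """
    by_name = {path.rsplit("/", 1)[-1]: path for path in stacks}
    deps = {}
    for path, source in stacks.items():
        labels = REMOTE_STATE.findall(source)
        unknown = [label for label in labels if label not in by_name]
        if unknown:
            # A reference to state nobody produces would fail at plan time.
            raise ValueError(f"{path} reads state of unknown stack(s): {unknown}")
        deps[path] = {by_name[label] for label in labels}
    return deps


def waves(deps):
    """Group stacks into ordered waves; stacks in one wave may run in parallel.

    Raises graphlib.CycleError (a ValueError) on circular state references.
    """
    sorter = TopologicalSorter(deps)
    sorter.prepare()
    result = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())
        result.append(ready)
        sorter.done(*ready)
    return result
```

Each wave can be emitted as one CI matrix, with the next wave's job depending on the previous wave's job.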